master
3 years ago
Merge pull request #317 from Geologik/pyup-update-gitpython-3.1.14-to-3.1.27
pyup Update gitpython
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
pyup-update-six-1.15.0-to-1.16.0
3 years ago
Update six from 1.15.0 to 1.16.0
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
pyup-update-py-1.10.0-to-1.11.0
3 years ago
Update py from 1.10.0 to 1.11.0
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
pyup-update-pluggy-0.13.1-to-1.0.0
3 years ago
Update pluggy from 0.13.1 to 1.0.0
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
pyup-update-requests-mock-1.8.0-to-1.9.3
3 years ago
Update requests-mock from 1.8.0 to 1.9.3
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
pyup-update-requests-2.24.0-to-2.27.1
3 years ago
Update requests from 2.24.0 to 2.27.1
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
master
3 years ago
Merge pull request #307 from Geologik/pyup-update-kivy-garden-0.1.4-to-0.1.5
pyup Update kivy-garde
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
master
3 years ago
Merge pull request #308 from Geologik/pyup-update-typed-ast-1.4.2-to-1.5.2
pyup Update typed-ast to
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
master
3 years ago
Merge pull request #309 from Geologik/pyup-update-wrapt-1.12.1-to-1.14.0
pyup Update wrapt to 1.14.
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
pyup-update-wrapt-1.12.1-to-1.14.0
3 years ago
Update wrapt from 1.12.1 to 1.14.0
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
pyup-update-typed-ast-1.4.2-to-1.5.2
3 years ago
Update typed-ast from 1.4.2 to 1.5.2
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
pyup-update-kivy-garden-0.1.4-to-0.1.5
3 years ago
Update kivy-garden from 0.1.4 to 0.1.5
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
master
3 years ago
Merge pull request #306 from Geologik/pyup-update-black-22.1.0-to-22.3.0
pyup Update black to 22.3.
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
master
3 years ago
Merge pull request #305 from Geologik/pyup-update-kivy-deps-sdl2-0.4.2-to-0.4.5
pyup Update kivy-de
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
pyup-update-black-22.1.0-to-22.3.0
3 years ago
Update black from 22.1.0 to 22.3.0
bandit 1.6.2 and urllib3 1.25.11 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bandit | 1.6.2 | <1.7.7 |
show Bandit 1.7.7 identifies the str.replace method as a potential risk for SQL injection because it can be misused in constructing SQL queries, potentially enabling the execution of arbitrary SQL code. https://github.com/PyCQA/bandit/pull/1044/commits/d909043ba20853c90a7cad4a5b58a180f6937bf8 |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| bandit | 1.6.2 | <1.6.3 |
show Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes. |
| urllib3 | 1.25.11 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 1.25.11 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
| urllib3 | 1.25.11 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
| urllib3 | 1.25.11 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
Python 3 badge
URL
https://pyup.io/repos/github/Geologik/plateypus-app/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/Geologik/plateypus-app/)
Restructured Text
.. image:: https://pyup.io/repos/github/Geologik/plateypus-app/python-3-shield.svg
:target: https://pyup.io/repos/github/Geologik/plateypus-app/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/Geologik/plateypus-app/"><img src="https://pyup.io/repos/github/Geologik/plateypus-app/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/Geologik/plateypus-app/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/Geologik/plateypus-app/
RDoc
{<img src="https://pyup.io/repos/github/Geologik/plateypus-app/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/Geologik/plateypus-app/]
pyup.io badge
URL
https://pyup.io/repos/github/Geologik/plateypus-app/shield.svg
Markdown
[](https://pyup.io/repos/github/Geologik/plateypus-app/)
Restructured Text
.. image:: https://pyup.io/repos/github/Geologik/plateypus-app/shield.svg
:target: https://pyup.io/repos/github/Geologik/plateypus-app/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/Geologik/plateypus-app/"><img src="https://pyup.io/repos/github/Geologik/plateypus-app/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/Geologik/plateypus-app/shield.svg(Updates)!:https://pyup.io/repos/github/Geologik/plateypus-app/
RDoc
{<img src="https://pyup.io/repos/github/Geologik/plateypus-app/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/Geologik/plateypus-app/]